DNS manipulation attack

Imagine an attacker gained control over our DNS by changing it’s address to his/her DNS Then we want to connect to facebook.com but because of that DNS attack, the attacker forward us to his desired IP. (how this process will happen?)

then how does it possible because facebook.com is registered and he has to change the name server in his domain registrar and facebook.com address is not available so the user simply find out that ns1.facebook.com address is kind of weird Or a simple change like @ IN SOA facebook.com. in attacker’s DNS settings is enough for this kind of attacks? if it’s enough so what will be happen to ns1.facebook.com. how does it resolve for the end user (the end user will see the www.facebook.com or facebook.com in his/her browser address bar?